August 2012 Patch Tuesday Overview

Last month Microsoft released a Security Bulletin (MS12-043) addressing a Zero-Day vulnerability in the Microsoft XML Core Services. With the Security Bulletin release, Microsoft addressed the vulnerability in MS XML Core Services 3.0, 4.0 and 6.0. Microsoft did not release the patches for MS XML Core Services version 5.0 until this month. As you go through your patching cycle, it is important to remember to apply the patches for this additional (10th) bulletin that is left over from last month.

Microsoft also released a non-security update as part of their work on hardening digital certificates on Windows operating systems. Non-security update KB2661254 will block any digital certificates that are not 1024 bits in length. As this non-security update is a defense-in-depth update and there are no known active attacks related to the patch, administrators should concentrate on the Security Bulletin releases first this month. Although unlikely, this non-security update could break functionality on systems if it is not thoroughly tested first. At this time, this non-security update is only available on the Microsoft Download Center.

There are two bulletins administrators should look at applying right away to prevent malicious webpages from exploiting their systems. MS12-052 affects all supported versions of the Microsoft Internet Explorer browser. This is the third straight month we have seen some type of Security Bulletin released for Microsoft’s browser.

When patching Internet Explorer this month, administrators will need to apply two patches to fully mitigate the risk of an attack. If Internet Explorer version 8 is installed, administrators will need to apply the Internet Explorer Cumulative Update (MS12-052) and Security Bulletin MS12-056. MS12-056 fixes a vulnerability in JScript that could lead to Remote Code Execution.

Windows Remote Desktop is appearing once again with a critical Security Bulletin. Similar to previous Microsoft Security Bulletins affecting RDP, an attacker can gain access to the system by sending an unauthenticated, malicious RDP packet to a Windows XP SP3 system with RDP enabled. As I said earlier this year, RDP is commonly used and turned on by administrators to remotely control their systems.

One Security Bulletin this month addresses a vulnerability that has seen targeted, limited attacks. MS12-060 addresses a vulnerability in Windows Common Controls that could lead to Remote Code Execution. If a user opens a malicious RTF document on an unpatched system, an attacker can gain complete access to the system. RTF documents as attachments are common. In addition, most email security software does not block these types of attachments due to how commonly they are used.

The last Microsoft Security Bulletin administrators should pay particular attention to this month is MS12-054. This Security Bulletin addresses multiple vulnerabilities in the Windows Networking Components. If an attacker is able to share a resource with a malicious name on a network, the attacker can gain control of other systems with an unauthenticated response to the machine. An example of this is any resource, such as a shared printer, that machines will attempt to find on a network.

With every Adobe Security Bulletin release, Google also releases updates for their Google Chrome and Chrome Frame browsers. A new update released today by Google includes the latest version of Flash with their installation.

As with any Patch Tuesday, it is important to keep an eye on any other non-Microsoft vendor releasing Security Bulletins.

I will be going over the August Patch Tuesday in detail in addition to any other non-Microsoft releases since the last Patch Tuesday in our Monthly Patch Tuesday webinar. In addition, I will be spending some time discussing the Flame virus situation. This webinar is scheduled for next Wednesday, August 15th at 11:00am CT. You can register for this webinar here.

About Shavlik

Shavlik, a global leader in simplifying the complexity of IT management, is dedicated to significantly reducing the time-to-value for IT professionals from months to minutes. Shavlik’s Protect, Configure, SCUPdates and Management Intelligence are some of its on-premise and cloud-based solutions that enable customers to manage both physical and virtual machines, deploy software, discover assets, simplify configuration, control power usage and ensure endpoint security. By bringing the sophisticated capabilities enjoyed by large companies to organizations of all sizes and types, Shavlik is driving the democratization of IT.